Bug 38411 - remote exploit in bugzilla <= 2.12 ?
Status: CLOSED RAWHIDE
Product: Red Hat Powertools
Classification: Retired
Component: bugzilla
Version: 7.1
Hardware: i386 Linux
Priority: high
Severity: medium
Assigned To: David Lawrence
David Lawrence
Keywords: Security
Reported: 2001-04-30 13:04 EDT by Pekka Savola
Modified: 2007-03-26 23:44 EDT
Last Closed: 2001-04-30 13:19:34 EDT
Description Pekka Savola 2001-04-30 13:04:05 EDT
There are also a few other pending powertools bugzilla packaging issues, see reports.

----
Bugzilla 2.12 
  by Tara Hernandez - Monday, April 30th 2001 10:18 EST 

 Bugzilla is the bugtracking system used by mozilla.org. It is written in Perl and uses MySQL for the database backend. 

 Changes: Many changes were made, but one of the most significant is that users can now specify what sorts of notification they wish to receive on their preferences page.

 ===> This version also contains a security fix for several instances where untrusted content could be passed to a system call, allowing remote users to run system commands with the privileges of the Web server. <===

 All users not upgrading to 2.12 should apply the patch which fixes this as soon as possible. 

 License: Mozilla Public License (MPL) - Release focus: Major feature enhancements
Comment 1 David Lawrence 2001-04-30 14:14:06 EDT
We are spinning in a new bugzilla-2.12 rpm now. Please look for this in the next
rawhide.
